feat: export sys variables from aws-lc-rs crate

aws · Jan 31, 2024 · d0a4715 · d0a4715
1 parent cc9f7ee
commit d0a4715
Show file tree

Hide file tree

Showing 7 changed files with 100 additions and 35 deletions.
diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml
@@ -66,7 +66,7 @@ jobs:
       fail-fast: false
       matrix:
         os: [ ubuntu-latest, macos-12, macos-13-xlarge, windows-latest ]
-        features: [ aws-lc-sys, aws-lc-fips-sys ]
+        features: [ aws-lc-rs, "aws-lc-rs,fips", aws-lc-sys, aws-lc-fips-sys ]
     steps:
       - uses: actions/checkout@v3
         with:

diff --git a/aws-lc-fips-sys/builder/main.rs b/aws-lc-fips-sys/builder/main.rs
@@ -296,6 +296,12 @@ fn main() {
         setup_include_paths(&out_dir, &manifest_dir).display()
     );
 
+    // export the artifact names
+    println!("cargo:libcrypto={}_crypto", prefix_string());
+    if cfg!(feature = "ssl") {
+        println!("cargo:libssl={}_ssl", prefix_string());
+    }
+
     println!("cargo:rerun-if-changed=builder/");
     println!("cargo:rerun-if-changed=aws-lc/");
     println!("cargo:rerun-if-env-changed=AWS_LC_FIPS_SYS_STATIC");

diff --git a/aws-lc-rs/Cargo.toml b/aws-lc-rs/Cargo.toml
@@ -2,6 +2,8 @@
 name = "aws-lc-rs"
 authors = ["AWS-LibCrypto"]
 version = "1.6.1"
+# this crate re-exports whatever sys crate that was selected
+links = "aws_lc_rs_1_6_1"
 edition = "2021"
 rust-version = "1.60"
 keywords = ["crypto", "cryptography", "security"]

diff --git a/aws-lc-rs/build.rs b/aws-lc-rs/build.rs
@@ -2,28 +2,53 @@
 // SPDX-License-Identifier: Apache-2.0 OR ISC
 
 fn main() {
-    let mutually_exclusives_count = [cfg!(feature = "non-fips"), cfg!(feature = "fips")]
-        .iter()
-        .filter(|x| **x)
-        .count();
-
-    if mutually_exclusives_count > 1 {
-        eprint!("fips and non-fips are mutually exclusive crate features.");
-        std::process::exit(1);
+    if cfg!(feature = "non-fips") && cfg!(feature = "fips") {
+        panic!("`fips` and `non-fips` are mutually exclusive crate features.");
     }
 
     // This appears asymmetric, but it reflects the `cfg` statements in lib.rs that
     // require `aws-lc-sys` to be present when "fips" is not enabled.
-    let at_least_one_count = [cfg!(feature = "aws-lc-sys"), cfg!(feature = "fips")]
-        .iter()
-        .filter(|x| **x)
-        .count();
-
-    if at_least_one_count < 1 {
-        eprint!(
-            "one of the following features must be specified: \
-        aws-lc-sys, non-fips, or fips."
+    // if `fips` is enabled, then use that
+    let sys_crate = if cfg!(feature = "fips") {
+        "aws-lc-fips-sys"
+    } else if cfg!(feature = "aws-lc-sys") {
+        "aws-lc-sys"
+    } else {
+        panic!(
+            "one of the following features must be specified: `aws-lc-sys`, `non-fips`, or `fips`."
         );
-        std::process::exit(1);
+    };
+
+    export_sys_vars(sys_crate);
+}
+
+fn export_sys_vars(sys_crate: &str) {
+    let prefix = if sys_crate == "aws-lc-fips-sys" {
+        "DEP_AWS_LC_FIPS_"
+    } else {
+        "DEP_AWS_LC_"
+    };
+
+    let mut selected = String::default();
+
+    // search through the DEP vars and find the selected sys crate version
+    for (name, _value) in std::env::vars() {
+        if let Some(version) = name.strip_prefix(prefix) {
+            if let Some(version) = version.strip_suffix("_INCLUDE") {
+                selected = format!("{prefix}{version}_");
+                break;
+            }
+        }
+    }
+
+    assert!(!selected.is_empty(), "missing {prefix} include");
+
+    // now export all of the variables with that selected prefix/version
+    for (name, value) in std::env::vars() {
+        if let Some(var) = name.strip_prefix(&selected) {
+            eprintln!("cargo:rerun-if-env-changed={name}");
+            let var = var.to_lowercase();
+            println!("cargo:{var}={value}");
+        }
     }
 }
diff --git a/aws-lc-sys/builder/main.rs b/aws-lc-sys/builder/main.rs
@@ -294,6 +294,12 @@ fn main() {
         setup_include_paths(&out_dir, &manifest_dir).display()
     );
 
+    // export the artifact names
+    println!("cargo:libcrypto={}_crypto", prefix_string());
+    if cfg!(feature = "ssl") {
+        println!("cargo:libssl={}_ssl", prefix_string());
+    }
+
     println!("cargo:rerun-if-changed=builder/");
     println!("cargo:rerun-if-changed=aws-lc/");
     println!("cargo:rerun-if-env-changed=AWS_LC_SYS_STATIC");

diff --git a/sys-testing/Cargo.toml b/sys-testing/Cargo.toml
@@ -6,10 +6,14 @@ publish = false
 
 [features]
 default = ["aws-lc-sys"]
+aws-lc-rs = ["dep:aws-lc-rs"]
 aws-lc-sys = ["dep:aws-lc-sys"]
 aws-lc-fips-sys = ["dep:aws-lc-fips-sys"]
+fips = ["aws-lc-rs/fips"]
+non-fips = ["aws-lc-rs/non-fips"]
 
 [dependencies]
+aws-lc-rs = { path = "../aws-lc-rs", optional = true }
 aws-lc-sys = { path = "../aws-lc-sys", optional = true }
 aws-lc-fips-sys = { path = "../aws-lc-fips-sys", optional = true }
 
@@ -18,4 +22,4 @@ cc = "1"
 toml_edit = "0.21"
 
 [package.metadata.cargo-udeps.ignore]
-normal = [ "aws-lc-sys", "aws-lc-fips-sys" ] # the sys crate is only used through a C library build
+normal = [ "aws-lc-rs", "aws-lc-sys", "aws-lc-fips-sys" ] # the sys crate is only used through a C library build
diff --git a/sys-testing/build.rs b/sys-testing/build.rs
@@ -4,31 +4,53 @@
 use toml_edit::Document;
 
 fn main() {
-    if cfg!(all(feature = "aws-lc-sys", feature = "aws-lc-fips-sys")) {
-        panic!("only one sys crate can be built at a time")
-    } else if cfg!(feature = "aws-lc-sys") {
-        let aws_lc_sys_links = get_package_links_property("../aws-lc-sys/Cargo.toml");
-        build_and_link(aws_lc_sys_links.as_ref(), "aws_lc_sys");
-        return;
-    } else if cfg!(feature = "aws-lc-fips-sys") {
-        let aws_lc_fips_sys_links = get_package_links_property("../aws-lc-fips-sys/Cargo.toml");
-        build_and_link(aws_lc_fips_sys_links.as_ref(), "aws_lc_fips");
-        return;
+    let mut deps = 0;
+
+    macro_rules! count_dep {
+        ($dep:literal) => {
+            if cfg!(feature = $dep) {
+                deps += 1;
+            }
+        };
     }
-    panic!(
-        "select a sys crate for testing using --features aws-lc-sys or --features aws-lc-fips-sys"
-    )
+
+    count_dep!("aws-lc-rs");
+    count_dep!("aws-lc-sys");
+    count_dep!("aws-lc-fips-sys");
+
+    assert_eq!(deps, 1, "exactly one dependency is allowed at a time");
+
+    macro_rules! link_dep {
+        ($dep:literal) => {
+            if cfg!(feature = $dep) {
+                let aws_lc_sys_links =
+                    get_package_links_property(concat!("../", $dep, "/Cargo.toml"));
+                let dep_snake_case = $dep.replace('-', "_");
+                build_and_link(aws_lc_sys_links.as_ref(), &dep_snake_case);
+                return;
+            }
+        };
+    }
+
+    link_dep!("aws-lc-rs");
+    link_dep!("aws-lc-sys");
+    link_dep!("aws-lc-fips-sys");
 }
 
 fn build_and_link(links: &str, target_name: &str) {
     // ensure that the include path is exported and set up correctly
     cc::Build::new()
         .include(env(format!("DEP_{}_INCLUDE", links.to_uppercase())))
         .file("src/testing.c")
-        .compile(target_name);
+        .compile(&format!("testing_{target_name}"));
+
+    // make sure the root was exported
+    let root = env(format!("DEP_{}_ROOT", links.to_uppercase()));
+    println!("cargo:rustc-link-search={root}");
 
     // ensure the libcrypto artifact is linked
-    println!("cargo:rustc-link-lib={links}_crypto");
+    let libcrypto = env(format!("DEP_{}_LIBCRYPTO", links.to_uppercase()));
+    println!("cargo:rustc-link-lib={libcrypto}");
 }
 
 fn get_package_links_property(cargo_toml_path: &str) -> String {